← Back to Scrillium

Privacy Policy

Your thinking is yours.

Last updated: April 7, 2026

Scrillium is a writing tool. You trust us with your thinking, and we take that seriously. This policy explains exactly what we collect, why, and what we do with it. No legal fog.

What we collect

Account information

Your email address and a hashed password. We use your email to log you in, send receipts, and reach you if something goes wrong. That is all.

Your writing

Notes, links, and spaces you create in Scrillium are stored in our database. All titles, space names, and link URLs are encrypted at the application level using AES-256 before they reach the database. A direct database query returns nothing readable.

Behavioral signals

We store lightweight event metadata (for example, "a note was edited" or "a space was opened") to power features like the Thinking Timeline. These signals contain event types and timestamps. They never contain the text of what you wrote.

Embeddings

To find connections between your notes, we generate mathematical representations (embeddings) of your writing using OpenAI's embedding model. Embeddings are numerical vectors, not readable text. They are stored in our database and used only to surface reflections for you.

Payment information

Payments are handled entirely by Stripe. We never see or store your card number. We store your Stripe customer ID and subscription status so we know whether your account is active.

How we use your data

  • To run Scrillium and show you your writing.
  • To find connections between your notes across open spaces.
  • To process payments through Stripe.
  • To send transactional emails (receipts, password resets) through Resend.

We do not use your writing to train AI models. We do not sell your data. We do not show ads.

Third-party services

Scrillium uses these services to operate:

  • Supabase (PostgreSQL hosting) — stores your encrypted data.
  • Fly.io — runs the application.
  • OpenAI — generates embeddings and extracts concepts from your writing. Your text is sent to OpenAI's API for processing, then discarded by OpenAI per their API data usage policy (API inputs are not used for training).
  • Stripe — processes payments.
  • Resend — sends transactional emails.

Walled spaces

When you mark a space as walled, its content is completely isolated. Nothing from a walled space is included in reflection, search across spaces, or any cross-space feature. This isolation is enforced at the database query level, not just in the UI.

Data retention

Your data exists as long as your account does. If you delete a note, it is removed from the database. If you cancel your subscription, your data remains accessible for 30 days. After that, we delete everything associated with your account.

Your rights

You can:

  • Export your data by contacting us.
  • Delete your account and all associated data by contacting us.
  • Cancel your subscription at any time through your account settings.

Cookies

We use a single session cookie to keep you logged in. No tracking cookies. No analytics cookies. No third-party cookies.

Changes to this policy

If we change this policy in a way that affects your rights, we will email you before the change takes effect.

Contact

Questions about privacy? Email privacy@scrillium.com.

Scrillium Scrillium
Privacy Terms
© 2026 Scrillium